: Solaris doesn't accept *.* notation, the only wildcard can be for the facility. : *.err <--- ok : : cron.* <--- bad However, if you use a wildcard for a facility, it will also log everything above that facility. So, *.info Will send all log messages to that stream. - Aakin : : Also, when I test with logger, I only get 1 local copy, not 5. : : I also forgot to mention that the syslog.conf is the last version I tested with, other versions : did not use the same notation. : : So let me understand what you wrote: : : If I use 'logger -p user.err my test message' your saying this is getting logged at multiple : priorities and/or facilies? : : Or do you mean: : : user.err /some/file : user.crit /some/file : : Do you mean this syslog config will cause the previous logger statement to log twice? If so, that : would make sense, but I don't think the problem I am seeing is caused by this. : : Ugh, I'm at a loss and the documentation is severely limiting. : : Any ideas? : : --- Wolfgang Braun <wolfgang.braun@gmx.de> wrote: : : > On Tue, Jan 18, 2005 at 06:46:33AM -0800, Rhugga wrote: : > : > Hi : > : > > Getting 5 copies of each message. (was getting only 3 before, but now : > > getting 5 copies of each log message) : > : > I think the main culprit is your syslogd.conf on the Solaris machine: : > : > > # To syslog host : > > *.debug @syslog : > > *.info @syslog : > > *.notice @syslog : > > *.warning @syslog : > > *.err @syslog : > > *.crit @syslog : > > *.alert @syslog : > > *.emerg @syslog : > : > syslog.conf(5) on Linux says if you put priority P in a rule everything : > with priority >= P will be logged. Check your syslog manual. : > : > <man page> : > : > The behavior of the original BSD syslogd is that all messages of the : > specified priority and higher are logged according to the given : > action. : > : > </man page> : > : > Confirmed this with OpenBSD syslog. If I have : > : > *.* @loghost : > *.debug @loghost : > : > messages with priority >= debug are sent over the wire twice. : > : > If this is the case you can collapse your above statements to : > : > *.* @loghost : > : > to get only one copy of each msg. : > : > : > : > > Here is my entire config file: : > > [...] : > : > Just nitpicking but I think you could collapse most of your : > syslog-ng.conf if you took out the 'host("xyz")' out of the filters. : > Since they all go from the same source() to the same destination() with : > $HOST expansion they don't really accomplish anything. : > : > : > : > -- : > Wolfgang Braun, Dipl.-Inform. (FH) : > <wolfgang.braun@gmx.de> : > gpg-key: 1024D/4B32CE55 : > gpg-fingerprint: 7F0F DE82 94A5 B476 0E08 4972 AC95 31A3 4B32 CE55 : > _______________________________________________ : > syslog-ng maillist - syslog-ng@lists.balabit.hu : > https://lists.balabit.hu/mailman/listinfo/syslog-ng : > Frequently asked questions at http://www.campin.net/syslog-ng/faq.html : > : > : : : ===== : Chuck Carson - Sr. Systems Engineer : Syrrx, Inc. - www.syrrx.com : 10410 Science Center Drive : San Diego, CA 92121 : Work: 858.622.8528 : Fax: 858.550.0526 : _______________________________________________ : syslog-ng maillist - syslog-ng@lists.balabit.hu : https://lists.balabit.hu/mailman/listinfo/syslog-ng : Frequently asked questions at http://www.campin.net/syslog-ng/faq.html :